Representative Proposal of the "Information and Communications Network Act Amendment"
Mandatory Manuals and Strengthened Government Investigation Authority
In the wake of a recent cyber breach at SK Telecom that has caused significant public inconvenience and anxiety, a new bill has been introduced to prevent similar incidents from recurring and to strengthen user information protection systems.
On May 22, Jo Incheol, a member of the National Assembly from Gwangju Seo-gu Gap representing the Democratic Party of Korea, proposed an amendment to the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., which aims to strengthen the obligations of information and communications service providers in responding to breaches and to clarify the government’s authority for oversight and supervision.
The proposed amendment mandates the establishment and inspection of a standard manual for cyber breach response by both the government and information and communications service providers. It also stipulates that administrative fines will be imposed if service providers fail to fulfill their obligations.
Currently, there are criticisms that the law lacks clear regulations regarding the obligation for mobile carriers to maintain manuals for breach response or the government’s authority to conduct inspections, which has contributed to the spread of damage.
Taking these points into account, the amendment’s core is to require the Minister of Science and ICT to develop and distribute a standard manual for breach management and response, thereby strengthening ongoing preparedness against cyber breaches. Service providers will also be required to develop manuals tailored to the size and characteristics of their operations based on this standard and submit them to the government.
The amendment further provides a legal basis for the government to issue emergency forecasts and alerts via broadcasting and telecommunications in the event of a breach. This reflects criticism that, in the recent SKT hacking incident, initial warnings and responses were inadequate, leading to greater damage, as the incident was only reported in the media four days after it was detected.
The revised bill also stipulates that if a service provider fails to comply with a government order to submit breach-related data, a daily penalty of up to several million won, based on sales, may be imposed.
Jo Incheol stated, "The recent SKT incident was a significant breach that caused tangible harm to the public, but passive responses from the company and insufficient information sharing from the government have heightened concerns about secondary damage. Repeated cyber breaches are the result of inadequate corporate responses and insufficient government systems, so both the government and the private sector must establish systematic response mechanisms to prevent similar incidents from recurring."
Jo Incheol also said, "An effective manual is the minimum safeguard against cyber breaches and an essential measure for protecting citizens’ personal information. Yet, the current law does not stipulate the obligation for service providers to maintain such manuals or the government’s authority to conduct inspections. I hope this amendment will serve as a starting point."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
